News Microsoft responds to Google's security concerns

Skynet

 

But on this topic and the earlier Google announcement, it was purely desktop based with no mention of server OS.

The number don't lie and it is a pure case of numbers when it comes to security attacks on OS. Go to AVG, Symantec or McAfee who would probably claim to be the biggest 3 on security and read their figures.

The myth is that OSX or any distro of Linux is safe and secure. As I stated earlier, I don't believe any OS to be 100% safe and secure.

Don't forget, when you ASSUME, you make and ASS out of U and ME! but mainly U.

 

But why aren't Google saying they will be using it? The choice so far has been OSX or a Linux distro. Will Chrome be under that guise of Linux?

 

When it is finished, maybe. ChromeOS is a linux distro - it is basically the Chrome browser running on a linux kernel. Indeed all a linux distribution is is a linux kernel with a chosen desktop environment - be it Gnome (looks a bit like OSX), KDE (Windows 7 copied it), XFCE or Enlightenment. You then add a package manager (APT - for Debian, RPM for Redhat etc) You then add a bunch of applications, such as Firefox or Chrome, Openoffice, Evolution email and a few card games and you are away. ChromeOS just dispenses with the apps and relies on the cloud. Anyone can make their own linux distribution - their own choice of looks and applications.

The main thing is whether ChromeOS will allow users to install development tools and compilers, or whether a full OS will be needed.

 

Yes, actually. 8-12 screws, lift off single piece of aluminium, replace chips, screw the back on again.

Same goes for the hard disk - unscrew the little bracket holding it in, lift it out, unclip SATA cable, swap disks etc.

 

That is a user choice, i for one can't stand UAC, i use third party software and have never had a problem..
You've got to ask yourself this, what are windows users doing when they actually get a virus? im sure 99% of the time its something that they shouldn't be doing or something that should be secure by other software.

 

True, changing the source code to give more protection against hackers. But the majority of application developers don't have the time in their tight timeline projects to change it or even if they have the source code that is availiable to developers are available to hackers, so if a developer as a possible securety issue in a application and it has to change source code from some part of the OS, a subsquencial hacker that have access to the same source code can study in the base of what the application does and change someting to overpass the suposed sucurity arrangement.
Sorry about my engllkishshshs

 

Not true, Windows security nowadays isn't too bad. it could be made better but things like ASLR (which OS X doesn't have) help.

Wrong, *nix was never designed from the start to be secure, it was designed to be portable and simple - this has the effect of making it fairly secure from the start.
*nix doesn't require more knowledge, unix and unix-like systems form a massive array of different operating systems, I wouldn't call OS X difficult (unix) but I'd call Gentoo somewhat harder (linux).
You can certainly hack Linux or Unix, whether it's a kernel vulnerability or something else (Windows is a collection of services too, it isn't one big program). Plenty of stuff runs with root priviledges - anything that outputs under port 1000 needs root access, including HTTP and FTP daemons - you'd better put everything in a chroot jail otherwise you're at risk.

 

That's just not right. The majority of vulnerabilities arise because of mistakes in the C/C++ code. Correct the mistake, re-compile the code and the vulnerability has disappeared. There is nothing any cracker can do about it.

What you're talking about is known as a 'shim'. Shims address the symptoms, not the cause. The cause (faulty C/C++ code) will always remain and there may be ways to exploit this faulty code that the shim doesn't catch. For this reason, developing shims are NOT a good security practice.

 

Lol, shim??
I'm a cloud developer that must be the reason why i never heard that word in my life. I'm not a Security Expert but i never been hacked with my applications, just happend once when i had Ubuntu OS in my servers, maybe it's not the best linux in therms of security but i changed to server2003 and never had any security issue.

 

It's an engineering term that's been taken up by the software industry. Check out 'kludge' as well.

 

Ye, now did you mention Solution to a problem or "klumsy, lame, ugly, dumb, but good enough, or klutzy, lashup, under, going, engineering" because in software i do the 2 things and i don't belive you don't do the same. If not you are a perfect program writer who had never did a little "Cowboy" programing to maintain a Deadline.

 

Excellent list! I've learned more from this forum in about 2 days than I have at any other forum community.